
[Seminar] Towards Smaller Trusted Computing Bases

Hermann Härtig

Professor, TU Dresden

Date and time:

Thursday, September 12, 2013, 1:00 PM - Thursday, September 12, 2013, 2:00 PM

Location:

Building 302, Room 208

Abstract

Trusted computing bases (TCBs), i.e. the sets of components that have to be trusted for a specific (security) objective, have grown large. Their software parts in particular consist of tens of millions of lines of code if based on modern commodity operating systems. We report on an ongoing effort to reduce the software parts of TCBs. Key insights are that TCBs should be considered application-specific, and that they can and should be based on isolated components and reuse legacy code by splitting it into critical and uncritical parts. The talk discusses security objectives, design principles, and isolation alternatives (HLL vs. VM vs. microkernels), and studies in detail VPFS, a file system implemented following these principles. We present concrete examples with TCB sizes that are orders of magnitude smaller than when run on commodity operating systems. We will also mention caveats and practical limitations.